USN-2294-1: Libtasn1 vulnerabilities

Ubuntu Security Notice USN-2294-1

libtasn1-3, libtasn1-6 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.04 LTS

Ubuntu 12.04 LTS

Ubuntu 10.04 LTS

Summary

Libtasn1 could be made to crash or run programs as your login if it
processed specially crafted data.

Software description

libtasn1-3
- Library to manage ASN.1 structures

libtasn1-6
- Library to manage ASN.1 structures

Details

It was discovered that Libtasn1 incorrectly handled certain ASN.1 datastructures. An attacker could exploit this with specially crafted ASN.1data and cause applications using Libtasn1 to crash, resulting in a denialof service. (CVE-2014-3467)

It was discovered that Libtasn1 incorrectly handled negative bit lengths.An attacker could exploit this with specially crafted ASN.1 data and causeapplications using Libtasn1 to crash, resulting in a denial of service, orpossibly execute arbitrary code. (CVE-2014-3468)

It was discovered that Libtasn1 incorrectly handled certain ASN.1 data. Anattacker could exploit this with specially crafted ASN.1 data and causeapplications using Libtasn1 to crash, resulting in a denial of service.(CVE-2014-3469)

Update instructions

The problem can be corrected by updating your system to the following
package version: